Database backed declarative security in JBoss

This had me looking through the docs for a while to find, so I thought I would share.

If you need to secure a Java EE app, be it a web or EJB module, and want to use container-based security instead of coding it yourself, JBoss provides a nice convenience model for pulling out Principals (users) and Roles (permissions) from a table in your database.

What you have to do is edit the file <jboss_home>/server/login-config.xml and add an entry using the org.jboss.security.auth.spi.DatabaseServerLoginModule. Here’s the one I’m using: